
North Korean Hacker Group BlueNoroff Launches New Malware to Target Cryptocurrency Companies


According to the cybersecurity company Recorded Future, hacker groups from North Korea have reportedly appropriated around $3 billion in assets since the year 2017.


BlueNoroff, a notorious North Korean hacker group known for numerous phishing and cyberattacks since 2019, has turned its sights on crypto firms with a new strain of malware specifically designed to infiltrate macOS computers.


As detailed in a report by SentinelLabs, this malware campaign, dubbed “Hidden Risk,” is delivered in multiple stages through malicious PDF files. The attackers employ fake news headlines and genuine-looking crypto market research to entice unsuspecting victims, both individuals and organizations.

When a user downloads the PDF, a legitimate-looking decoy document is opened to avoid suspicion, while the malware quietly installs itself as a separate file on the macOS desktop. This tactic allows the attack to go unnoticed while the malicious software gains a foothold on the system.


The malware package includes a suite of functions that provide BlueNoroff with a backdoor, enabling remote access to compromised computers. The primary goal of the hackers is to steal sensitive information, such as private keys for digital asset wallets and access credentials for cryptocurrency platforms.

FBI Issues Warning About North Korean Hackers

The United States Federal Bureau of Investigation (FBI) has repeatedly issued warnings about BlueNoroff, a subgroup of the Lazarus hacking collective, and other cybercriminals linked to the North Korean regime. Over the past several years, these alerts have highlighted the escalating threats posed by these state-sponsored attackers.

In April 2022, the FBI, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), raised concerns specifically aimed at crypto firms. They urged companies to implement precautionary measures to defend against the sophisticated techniques employed by North Korean hacking groups targeting the digital asset industry.

Despite the warnings, BlueNoroff continued its malicious activities. By December 2022, the group had launched another major phishing campaign, this time focusing on companies and banks. The hackers registered over 70 fake domain names, masquerading as well-known venture capital firms, to deceive victims and infiltrate their systems, with the aim of stealing significant funds.


The FBI provided a fresh update in September 2024, reporting that the Lazarus Group had resorted to social engineering to steal cryptocurrency. The hackers targeted employees of centralized exchanges and decentralized finance firms, enticing them with fake job offers. This tactic was designed to trick victims into unwittingly sharing access to sensitive financial data.

The phishing strategy involved building trust over time. Hackers established relationships with their targets, gradually gaining credibility before sending links that appeared to be employment tests or applications. These malicious links, when clicked, compromised victims’ systems and drained funds from desktop wallets, causing significant financial losses.


© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

